What you'll learn at the end of the tutorial

We publish the users' public keys on the Virgil Cards Service so that they can be used at any time to encrypt data or verify a signature. The private keys stay on the users' devices.

What Virgil offers developers

Open source Crypto Library, used to perform cryptographic operations.

Virgil Services. For storing & managing users' Public Keys and validating user identities in anything from emails to applications.

Virgil SDK that lets you easily manage a Crypto Library and communicate with Virgil Services.

What's needed from the developer's side

Have a backend server for your app.

Have a client-side application.

OK, enough talking! Let's get started!

Collect Account information

The first thing you need to do is grab all the necessary information from your Virgil account. To set up your Client and Server Sides, you need the following values from your account:

Account value: Description

ACCESS_TOKEN: Used to authenticate your users on Virgil Services.

APP_KEY: Private Key that is generated during an Application registration on your dashboard.

APP_KEY_PASSWORD: The password that is set for the Private Key of your Application.

APP_ID: Your application identifier.

Set up your server side

Your server should be able to authorize your users, store your Application's Virgil Key and use the Virgil SDK for cryptographic operations or for requests to Virgil Services. You can configure your server using the following steps:

Install SDK & Setup Virgil Crypto

The Virgil SDK is provided as a package named virgil/sdk. The package is distributed via the Composer package management system.

You need to install the PHP Virgil Crypto extension ext-virgil_crypto_php as one of the dependencies; otherwise you will get the error "the requested PHP extension virgil_crypto_php is missing from your system" during composer install.

Set up your Client side

Set up the client side to provide your users with an access token after they register at your Application Server. The token authenticates them for further operations and lets them transmit their Virgil Cards to the server. Configure the client side using the following steps:

Install SDK & Setup Virgil Crypto

The Virgil SDK is provided as a package named virgil/sdk. The package is distributed via the Composer package management system.

You need to install the PHP Virgil Crypto extension ext-virgil_crypto_php as one of the dependencies; otherwise you will get the error "the requested PHP extension virgil_crypto_php is missing from your system" during composer install.

Register Users

Now you need to register users who will encrypt data.

In order to sign and encrypt data, each user must have their own tools for performing cryptographic operations, and these tools must contain the information necessary to identify the user. In Virgil Security, these tools are the Virgil Key and the Virgil Card.

Now that the Virgil SDK is set up on the server and client sides, we can finally create Virgil Cards for the users and transmit the Cards to your Server for further publication on Virgil Services.

Generate Keys and Create Virgil Card

Use the Virgil SDK on the client side to generate a new Key Pair, and then create a user's Virgil Card using the recently generated Virgil Key. All keys are generated and stored on the client side.

In this example we:

use the Virgil Crypto Library to generate a Key Pair;

save the Private Key into the Key Storage created by the Virgil Client SDK on the user's device;

create the user's Virgil Card. Each Virgil Card is signed by the user's Virgil Key, which guarantees the Virgil Card's content integrity over its life cycle.

Sign the user's transmitted Card with the App Key and publish the Card on the Virgil Cards Service:

// publish a Virgil Card
$virgilApi->Cards->publish($aliceCard);
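
The following is an added illustration, not Virgil SDK code and not the Virgil Card format: it uses PHP's bundled libsodium (Ed25519) to show the idea behind the steps above, a card self-signed with the user's key and countersigned with the application key, and shows that changing the card after signing makes verification fail. The function names, field names and sample identity are hypothetical.

```php
<?php
// Added illustration: NOT the Virgil SDK or its card format. Uses PHP's bundled
// libsodium (Ed25519); all function and field names here are hypothetical.

// Client side: build a card around the public key and self-sign it.
function createCard(string $identity, string $publicKey, string $secretKey): array
{
    $snapshot = json_encode(['identity' => $identity, 'public_key' => base64_encode($publicKey)]);
    return [
        'snapshot'   => $snapshot, // exact bytes that every signature covers
        'signatures' => ['self' => sodium_crypto_sign_detached($snapshot, $secretKey)],
    ];
}

// Server side: countersign the same snapshot with the application key.
function appSign(array $card, string $appSecretKey): array
{
    $card['signatures']['app'] = sodium_crypto_sign_detached($card['snapshot'], $appSecretKey);
    return $card;
}

// Any party: accept the card only if both signatures verify over the snapshot.
function verifyCard(array $card, string $appPublicKey): bool
{
    $fields = json_decode($card['snapshot'], true);
    $userPk = base64_decode($fields['public_key'] ?? '', true);
    if ($userPk === false || strlen($userPk) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false; // malformed card: no usable user public key
    }
    foreach (['self' => $userPk, 'app' => $appPublicKey] as $signer => $pk) {
        $sig = $card['signatures'][$signer] ?? '';
        if (strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES
            || !sodium_crypto_sign_verify_detached($sig, $card['snapshot'], $pk)) {
            return false; // missing, truncated or invalid signature
        }
    }
    return true;
}

// Constructed sample run: keys are generated locally, nothing is sent anywhere.
$user = sodium_crypto_sign_keypair();
$app  = sodium_crypto_sign_keypair();
$card = appSign(
    createCard('alice', sodium_crypto_sign_publickey($user), sodium_crypto_sign_secretkey($user)),
    sodium_crypto_sign_secretkey($app)
);
var_dump(verifyCard($card, sodium_crypto_sign_publickey($app))); // card as signed
$card['snapshot'] = str_replace('alice', 'mallory', $card['snapshot']);
var_dump(verifyCard($card, sodium_crypto_sign_publickey($app))); // identity altered after signing
```

The user's secret key never leaves the client in this sketch; only the card (public key plus signatures) is passed to the server-side function, matching the split described above.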

With the user's Private Key and Cards in place, you will be ready to sign and encrypt a message for encrypted communication. Once the recipient receives the signed and encrypted message, they can decrypt the message and verify the signature.

Sign Data

With the sender's Cards in place, we are now ready to ensure data integrity by creating a digital signature. This signature ensures that no third party has modified any of the message's content and that the recipient can trust the sender.